<?php

		/* script section */
        unset($_GET);
		       
        if( isset($_POST['username']) && isset($_POST['password']) && isset($_POST['name']) && isset($_POST['surname'])&& 
        isset($_POST['interests'])&& isset($_POST['email'])){
       
            echo '<?xml version="1.0"?>'."\n";
            echo "<register>\n";
       	
            if (!@mysql_connect('localhost', 'vidalelu_epic', 'vidale509123')) { error(1); }
            if (!mysql_select_db('vidalelu_epic')) { error(2); }
       
            if(get_magic_quotes_gpc()) {
                $login = stripslashes($_POST['username']);
                $pass  = stripslashes($_POST['password']);
                $name = stripslashes($_POST['name']);
                $surname = stripslashes($_POST['surname']);
                $email = stripslashes($_POST['email']);
                $interests = stripslashes($_POST['interests']);
            } else {
                $login = $_POST['username'];
                $pass  = $_POST['password'];
                $name = $_POST['name'];
                $surname = $_POST['surname'];
                $email= $_POST['email'];
                $interests = $_POST['interests'];
            }
       		
            unset($_POST);
            
            $kid = usernameverify($login);
            if($kid == -1) {
                error(4);/*username già presente*/
            } else {
            	$result = register($login,$pass,$name,$surname,$email,$interests);
                if($result != -1){ 	
                					printf('	<user id="%d"/>'."\n", $kid); 
                					echo "</register>";}
                else{ 
                					error(3); 
                		}
            	
                
            }
                   
            
        }

        
        /* functions section */
        
        
        
        function error($ec) {
            printf('    <error value="%d"/>'."\n".'</register>',$ec);
            die();
        }
		
        function usernameverify($username){
        	
        	$select = "SELECT user_id FROM auth_table ";
            $where = "WHERE login = '%s'";
        	$fixedlogin = mysql_real_escape_string($username);
        	$query = sprintf($select.$where, $fixedlogin);
        	$result = mysql_query($query);
        	if(mysql_num_rows($result) == 0) { return 1; }  else { return -1;}
        	
        	
        }
        
        
        function register($login, $pass, $name, $surname, $interests,$email) {
            
        	$fixedlogin = mysql_real_escape_string($login);
            	$fixedpass  = mysql_real_escape_string($pass);
        	$fixedname = mysql_real_escape_string($name);
        	$fixedsurname = mysql_real_escape_string($surname);
        	$fixedinterests = mysql_real_escape_string($interests);
        	$fixedkid = mysql_real_escape_string($email);
        	$insert = "INSERT INTO auth_table (username, password) VALUES ('%s','%s')";
        	$query = sprintf($insert, $fixedlogin, $fixedpass);
            	$result = mysql_query($query);
        	if($result){	
        					
				$select = "SELECT username FROM auth_table ";
			    	$where = "WHERE username = '%s'";
				$query = sprintf($select.$where, $fixedlogin);
				$result = mysql_query($query);
				$row = mysql_fetch_row($result);
			    	$kid = $row[0];
			    	$insert = "INSERT INTO profile (username, name, surname, email, interests) '%s','%s', '%s','%s','%s')";
				$fixedkid = mysql_real_escape_string($kid);
				$query = sprintf($insert, $fixedkid, $name, $surname, $email, $interests);
				$result = mysql_query($query);
				if($result){ return 1;} else {return $kid;}			            
        	}
        	else{
        			return -1;
        	}
            
        	
            
        	
        }
    ?>
